Google yesterday announced a bug-bounty program that will pay researchers $500 for each vulnerability they report in the Chrome browser and its underlying open-source code.
In a post to the Chromium project's blog, Chris Evans, who works on the Chrome security team, said the base bounty would be $500, but that "particularly severe or particularly clever" bugs would reap rewards of $1,337 each.
The latter amount is a reference to "leet," a kind of geek-speak used by some researchers; there, "leet" is rendered as "1337."
New vulnerabilities in Chrome, Chromium -- the open-source project that Google uses to craft Chrome -- and plug-ins that ship with Chrome, such as Google Gears, are eligible for bounties, said Evans. Chrome OS is not part of the program at the moment, but it may be added in the future. Bugs that are ranked "high" or "critical" in Chrome's rating system get preference, he added, but others may be considered.
More: http://www.computerworld.com/s/article/9150011/
In a post to the Chromium project's blog, Chris Evans, who works on the Chrome security team, said the base bounty would be $500, but that "particularly severe or particularly clever" bugs would reap rewards of $1,337 each.
The latter amount is a reference to "leet," a kind of geek-speak used by some researchers; there, "leet" is rendered as "1337."
New vulnerabilities in Chrome, Chromium -- the open-source project that Google uses to craft Chrome -- and plug-ins that ship with Chrome, such as Google Gears, are eligible for bounties, said Evans. Chrome OS is not part of the program at the moment, but it may be added in the future. Bugs that are ranked "high" or "critical" in Chrome's rating system get preference, he added, but others may be considered.
More: http://www.computerworld.com/s/article/9150011/